Group signature schemes are cryptographic systems that
provide revocable anonymity for signers. We propose a group
signature scheme with constant-size public key and signature
length that does not require trapdoor. So system parameters can be
shared by multiple groups belonging to different organizations.
The scheme is provably secure in the formal model recently
proposed by Bellare, Shi and Zhang (BSZ04), using random oracle
model, Decisional Bilinear Diffie-Hellman and Strong
Diffie-Hellman assumptions. We give a more efficient variant
scheme and prove its security in a formal model which is a
modification of BSZ04 model and has a weaker anonymity
requirement. Both schemes are very efficient and the sizes of
signatures are approximately one half and one third, respectively,
of the sizes of the well-known ACJT00 scheme. We will show that
the schemes can be used to construct a traceable signature scheme
and identity escrow schemes. They can also be
extended to provide membership revocation.